Senior/Staff/Principal AI/ML Engineer - Threat Detection Engineering
Occupations:
- Information Security Engineers
- Computer Systems Engineers/Architects
- Information Security Analysts
- Software Developers
- Data Scientists

Industries:
- Investigation and Security Services
- Pipeline Transportation of Natural Gas
- Natural Gas Distribution
- Semiconductor and Other Electronic Component Manufacturing
- Pipeline Transportation of Crude Oil

Job Description

AI/ML Engineer (Senior/Staff/Principal) - Threat Detection
New York, NY (Remote)

About AppGate

AppGate secures and protects an organization's most valuable assets with its high-performance Zero Trust Network Access (ZTNA) solution. AppGate is the only direct-routed ZTNA solution built for peak performance, superior protection and seamless interoperability. AppGate safeguards Fortune 500 enterprises worldwide.

About The Role

AppGate is looking for an AI/ML Engineer to design, build, and operationalize detection algorithms, ML inference pipelines, and risk aggregation systems. You will work at the intersection of identity security, behavioral analytics, and applied machine learning to build production systems that analyze ZTNA audit logs, surface high-fidelity threat signals, and feed into the Risk Sentinel enforcement engine.

Key Responsibilities
- Design and build advanced threat detection engines for identity compromise, privilege escalation, impossible travel, and data exfiltration.
- Develop production ML models using Isolation Forest, One-Class SVM, and Autoencoder neural networks for behavioral anomaly detection.
- Create risk aggregation and enforcement systems that normalize detection signals into dynamic risk scores driving adaptive access.
- Build scalable, low-latency streaming pipelines for near real-time ZTNA event processing.
- Define security controls for autonomous AI agents, including detection of agent drift, prompt injection, and data leakage.
- Architect and operationalize detection pipelines from audit log ingestion through risk aggregation.
- Define the detection taxonomy and lifecycle management for the detection library.
- Train, evaluate, and deploy ML models on real-world telemetry, tuning for precision and recall.
- Collaborate cross-functionally to align detection coverage with customer threat models.

Required Qualifications
- Experience: 7+ years of production AI/ML engineering experience, preferably in threat detection, UEBA, ITDR, or identity security platforms.
- Detection Expertise: Hands-on experience designing detections for identity-based threats (credential compromise, privilege escalation, insider activity, data exfiltration).
- MLOps & Productionization: Experience building scalable MLOps platforms, including model lifecycle management, CI/CD for ML, feature stores, automated retraining, and deployment orchestration (Kubernetes, MLflow, Kubeflow, SageMaker, etc.).
- ML Proficiency: Experience building AI-powered security systems using LLMs, deep learning, and agentic AI techniques.
- Data & Streaming: Experience with real-time pipelines (Kafka, Flink, Spark Streaming) and lakehouse formats (Apache Iceberg, Parquet).
- Security Domain Knowledge: Familiarity with MITRE ATT&CK, identity threat kill chains, ZTNA/NAC systems, and audit log analysis.
- Mindset: Mission-driven and production-focused, with an emphasis on signal quality (precision/recall, false positive reduction).

Preferred Qualifications (Bonus)
- Experience with detection-as-code frameworks (Sigma, YARA).
- Experience with ZTNA platforms.
- Application of LLMs or GNNs to security.
- Publications at USENIX, CCS, NeurIPS, or ICML.